none
dsquery user -disabled unexpected results

    Întrebare

  •  

    In a test environment I created an OU and populated it with a few disabled test accounts in order to test a disabled acount deletion script.

    In AD Users and Computers, the accounts are clearly marked as disabled.

    However, when running:

    dsquery user "OU=TEST_OU,DC=domain,DC=dom" -disabled

    ...there are no accounts returned.

    Also, when running:

    dsquery user domainroot -disabled

    ...I get results of other accounts in AD (other OUs/containers) that are disabled but not users from the test OU.

    Any ideas why this might happen?

    -Thanks...

    30 aprilie 2012 12:36

Răspunsuri

Toate mesajele

  •  

    In a test environment I created an OU and populated it with a few disabled test accounts in order to test a disabled acount deletion script.

    In AD Users and Computers, the accounts are clearly marked as disabled.

    However, when running:

    dsquery user "OU=TEST_OU,DC=domain,DC=dom" -disabled

    ...there are no accounts returned.

    Also, when running:

    dsquery user domainroot -disabled

    ...I get results of other accounts in AD (other OUs/containers) that are disabled but not users from the test OU.

    Any ideas why this might happen?

    -Thanks...

    Hello,

    How many DCs you have?

    If you more than a single DC then this may be due to AD replication issues. To check please run dcdiag /v on each DC you have and see if there is any reported error.


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.   

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    30 aprilie 2012 12:45
  • As Mr.X said. It might be due to replication issue.

    Apart from that , you can just give a try ,

    Run Dsquery OU -name Test_OU . Get the compelte DN of Test_OU , Then put this in Dsquery users "DN of the Test_OU" -disabled and check.

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    30 aprilie 2012 12:51
  • Yep... looks like I might have a replication problem...

    There are only 2 DCs and I get the results I expect when running the query on the other DC.

    I feel kinda stupid for not checking that 1st.

    Thanks!

    30 aprilie 2012 13:02
  • I checked the cmd in a lab dsquery user OU=Accounts,DC=testlab,DC=com -disabled and it works on my windows 2008 R2 system. You can also use olccmp tool and see if you are getting error from that tool even.

    http://social.technet.microsoft.com/wiki/contents/articles/2195.dsquery-commands-en-us.aspx

    http://www.joeware.net/freetools/tools/oldcmp/index.htm


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    30 aprilie 2012 13:02
  • Hi,

    To troubleshoot replication issue, I would like suggest you refer to the below links:

    Troubleshooting Active Directory Replication Problems

    http://technet.microsoft.com/en-us/library/cc738415(v=ws.10).aspx

    Troubleshooting Active Directory Replication Problems

    http://technet.microsoft.com/en-us/library/bb727057.aspx

    Regards,

    Yan Li


    Yan Li

    TechNet Community Support

    1 mai 2012 07:22
  • To troubleshoot AD replication, you can refer one more article.

    http://social.technet.microsoft.com/wiki/contents/articles/2285.aspx


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    1 mai 2012 07:27